Is there a way to rotate the client secret on the MCP configuration?
Rotate Gainsight CS MCP client secret
+3
Hey
The Gainsight MCP integration uses OAuth with PKCE for authentication rather than a static client secret that needs periodic rotation. That said, here's how you can manage the credentials:
To rotate/update the Client Secret in Gainsight CS:
- Go to Administration > User Management and click the Authentication tab in your Gainsight CS instance.
- Navigate to the OAuth application you created for the MCP integration.
- You can generate a new Client Secret there. After updating, make sure the new Client Secret is copied, as it's required for the connector configuration.
Important note: Gainsight now masks sensitive credential fields after the initial session — the Client Secret is visible only once when you create or edit the connection. If you close and reopen the edit window, it will be masked and no longer visible. So make sure to copy it immediately after generating a new one.
If you're a Gainsight admin and need more specific guidance on where the OAuth app settings live in your tenant, I'd recommend checking with your Gainsight CS admin or referring to Gainsight's support documentation directly. Would you like help with any specific step?
Regards,
Venkat
+3Thanks for your reply,
I’ve checked the setup, but it doesn’t correspond to your guidance:
- I don’t see a button (or anything else) to generate a new Client Secret
- The credential field can easily be made visible, so it’s not fully masked (but that’s not really relevant for my question)
So where can I generate the new Secret exactly?
Kind regards,
Jef
Hi
Per the article: https://support.gainsight.com/gainsight_nxt/Release_Notes/Current_Release_Notes_-_2026/Gainsight_CS_Release_Notes_Q4_January_2026?utm_source=openai#OAuth_Secret_Rotation_Enhancements_in_Connectors_UI the OAuth regenerate access key is added in the connectors section of the UI.
Thanks!
+3
The button to regenerate a secret seems only available for connectors, but not for the MCP configuration.
Hi
- Delete and recreate the OAuth app in Administration > User Management > Authentication > OAuth Applications — this generates a fresh Client ID and Secret, which you'd then need to re-enter in your LLM tool
- Contact Gainsight Support to ask if there's a way to regenerate the secret for a User Management OAuth app without deleting it.
Thank you!
+3Thank you
Sign up
If you ever had a profile with us, there's no need to create another one.
Don't worry if your email address has since changed, or you can't remember your login, just let us know at community@gainsight.com and we'll help you get started from where you left.
Else, please continue with the registration below.
Welcome to the Gainsight Community
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.